package com.lyl.server;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * 资源服务器配置
 * 
 * @author 80575590
 *
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
	private static final String DEMO_RESOURCE_ID = "client-resource";

	@Override
	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
		resources.resourceId(DEMO_RESOURCE_ID).stateless(true);
	}

	/**
	 *  这里设置需要token验证的url
	 * 这些需要在WebSecurityConfigurerAdapter中排查掉
	 * 否则优先进入WebSecurityConfigurerAdapter,进行的是basic auth或表单认证,而不是token认证
	 * 
	 * @param http
	 * @throws Exception
	 */
	@Override
	public void configure(HttpSecurity http) throws Exception {

		http.requestMatchers().antMatchers("/api-admin/**","/api-user/**")
		.and().authorizeRequests().antMatchers("/api-admin/**").hasRole("ADMIN")
		.and().authorizeRequests().antMatchers("/api-user/**").hasRole("USER")
		.and().authorizeRequests().antMatchers("/oauth/**")
				.permitAll()
		;

	}

}
